How to remove SweetIM virus?



#1
Duke_haphazard

    New Member

  • Member
  • 5 posts
Hey there. I seem to have gotten SweetIM on my computer and it's causing my machine to run exceedingly slowly along with adding loads of pop-ups to any web browser I try to use. I've uninstalled and reinstalled my browsers but the problem is still there. I've tried to uninstall the SweetIM files, but it still happens.

I had a look at the about:config on Firefox and noticed there are lots of entries for SweetIM. (Note the picture I've attached)

If anyone can help it would be amazing and I would love you forever!

Attached Thumbnails

  • aboutconfig.jpg

Edited by Duke_haphazard, 11 May 2013 - 03:58 AM.



#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, Duke_haphazard and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer is really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should make you glad. ;)

Please note that my answers could come with a slight delay, because they are checked by my teacher.

To start with, I need to get some logs. Please follow these steps:

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#3
Duke_haphazard

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi, thanks for the reply.

I've run the OTL program, and I have the two .txt files. I'll post them in two separate posts as they are quite long.

Here's OTL.txt

OTL logfile created on: 11/05/2013 18:49:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Duke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.55 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115.03 Gb Total Space | 37.14 Gb Free Space | 32.29% Space Free | Partition Type: NTFS
Drive D: | 115.03 Gb Total Space | 52.37 Gb Free Space | 45.53% Space Free | Partition Type: NTFS
Drive E: | 117.86 Gb Total Space | 49.22 Gb Free Space | 41.77% Space Free | Partition Type: NTFS

Computer Name: HAL | User Name: Duke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/11 18:48:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Duke\Downloads\OTL.exe
PRC - [2013/05/09 09:58:35 | 006,583,664 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\avast.setup
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/19 23:10:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/20 08:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/09/05 18:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- E:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/19 23:10:03 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/11 10:26:58 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/09 09:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 09:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 09:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/30 11:55:32 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2013/04/30 11:55:32 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/11 04:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/11 04:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 14:38:00 | 000,180,584 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK1705.sys -- (SaiK1705)
DRV:64bit: - [2012/09/20 14:38:00 | 000,047,208 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU1705.sys -- (SaiU1705)
DRV:64bit: - [2012/09/04 20:19:59 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/09/04 20:19:59 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/02 17:49:46 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2009/08/21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/01/29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...825&lg=EN&cc=GB
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...825&lg=EN&cc=GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 DF 80 91 9A 99 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...825&lg=EN&cc=GB
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.easyli...N&cc=GB&l=1&q="
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B687578b9-7132-4a7a-80e4-30ee31099e03%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "http://search.easyli...N&cc=GB&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "google"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.easyli...25&lg=EN&cc=GB"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.easyli...N&cc=GB&l=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: E:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: E:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/22 13:29:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/11 09:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: E:\Program Files\Mozilla\components [2013/05/11 10:27:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: E:\Program Files\Mozilla\plugins

[2011/03/09 16:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duke\AppData\Roaming\Mozilla\Extensions
[2013/05/11 10:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions
[2013/05/11 08:47:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/10 14:37:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/02/23 23:06:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/22 17:45:04 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions\[email protected]
[2013/04/06 20:41:17 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

========== Chrome ==========

CHR - homepage: http://search.easyli...825&lg=EN&cc=GB
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: conatiinuaeotaoassaVe = C:\Users\Duke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmfcedmkccifjagfpbfoidbccdbmabjk\1\
CHR - Extension: avast! WebRep = C:\Users\Duke\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: SearchNewTab = C:\Users\Duke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojepmiginaplhpabockgmhbmhifejfba\1\

O1 HOSTS File: ([2012/10/20 19:40:38 | 000,000,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - Startup: C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Duke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A63DC83-8B59-4D59-BDAA-6D00C83AE2DA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{969157C9-51C1-49D9-810C-76334E84427B}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/13 21:18:09 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{6e07ea07-f6b4-11e1-b4ac-0030840fc740}\Shell - "" = AutoRun
O33 - MountPoints2\{6e07ea07-f6b4-11e1-b4ac-0030840fc740}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/11 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\Duke\Desktop\Maxon Cinema 4D R14 Hybrid Win_Mac
[2013/05/11 10:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013/05/11 09:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/11 09:59:09 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/11 09:59:05 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/11 09:58:33 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/11 09:58:25 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/11 09:58:23 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/11 09:57:48 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/11 09:55:29 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 21:21:22 | 000,000,000 | ---D | C] -- C:\Users\Duke\AppData\Local\SmartTechnology
[2013/05/09 21:15:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartTechnology Profiles
[2013/05/09 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
[2013/05/09 21:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartTechnology
[2013/05/09 21:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTechnology
[2013/05/09 21:08:45 | 000,000,000 | ---D | C] -- C:\Users\Duke\Desktop\CS5_Volume1
[2013/05/03 09:12:32 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2013/05/03 09:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twixtor 5, After Effects-compatible plugin set
[2013/05/03 09:11:24 | 000,000,000 | ---D | C] -- C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REVisionEffects
[2013/05/03 09:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REVisionEffects
[2013/05/03 08:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/05/03 08:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013/05/03 08:45:42 | 000,000,000 | ---D | C] -- C:\Users\Duke\AppData\Roaming\Systweak
[2013/05/03 08:45:40 | 000,020,488 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/05/03 08:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\conatiinuaeotaoassaVe
[2013/05/03 08:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/30 11:55:32 | 000,052,640 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiBus.sys
[2013/04/30 11:55:32 | 000,025,120 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiMini.sys

========== Files - Modified Within 30 Days ==========

[2013/05/11 18:21:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/11 14:21:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 10:27:50 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/11 09:59:26 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/11 09:57:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/11 08:35:39 | 000,017,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 08:35:39 | 000,017,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 08:28:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/11 08:28:04 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/09 21:08:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK1705_01009.Wdf
[2013/05/09 20:36:49 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/09 20:36:49 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/09 09:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 09:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 09:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 09:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 09:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 09:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/03 10:42:30 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/03 10:42:30 | 000,664,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/03 10:42:30 | 000,125,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/30 11:55:32 | 000,052,640 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiBus.sys
[2013/04/30 11:55:32 | 000,025,120 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiMini.sys
[2013/04/28 13:04:59 | 000,001,043 | ---- | M] () -- C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/27 13:59:06 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/04/14 20:56:19 | 461,547,864 | ---- | M] () -- C:\Users\Duke\Desktop\Game.of.Thrones.S03E03.HDTV.XviD-AFG.avi
[2013/04/11 21:37:29 | 005,032,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/05/11 10:27:50 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/11 10:27:50 | 000,000,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/11 09:59:26 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/11 09:58:12 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/11 09:58:01 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 21:08:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK1705_01009.Wdf
[2013/05/09 20:36:49 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/09 20:36:49 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/28 13:04:59 | 000,001,043 | ---- | C] () -- C:\Users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/27 13:59:06 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/04/16 16:37:17 | 461,547,864 | ---- | C] () -- C:\Users\Duke\Desktop\Game.of.Thrones.S03E03.HDTV.XviD-AFG.avi
[2013/02/18 23:00:25 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/12/29 03:54:18 | 000,000,132 | ---- | C] () -- C:\Users\Duke\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/12/23 12:17:35 | 000,001,067 | ---- | C] () -- C:\Users\Duke\Documents - Shortcut.lnk
[2012/12/01 23:42:38 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/25 13:53:41 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/25 13:00:17 | 000,000,132 | ---- | C] () -- C:\Users\Duke\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/23 16:50:26 | 000,743,262 | ---- | C] () -- C:\Windows\unins000.exe
[2012/02/23 16:50:26 | 000,062,853 | ---- | C] () -- C:\Windows\unins000.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/11 12:57:17 | 000,007,606 | ---- | C] () -- C:\Users\Duke\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/22 19:10:31 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Ableton
[2012/02/13 21:37:18 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Autodesk
[2011/03/31 11:54:54 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Azureus
[2012/11/02 22:42:02 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Bioshock2
[2012/10/04 11:56:53 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\canon
[2012/10/19 11:21:08 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Canon_Inc_IC
[2011/10/05 00:04:59 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/19 13:45:31 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/05/11 08:41:33 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Dropbox
[2013/02/18 23:00:48 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Final Draft
[2012/07/16 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\fltk.org
[2011/08/08 13:48:24 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\gtk-2.0
[2011/03/11 13:18:58 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\PACE Anti-Piracy
[2012/11/19 22:41:24 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\PDAppFlex
[2012/08/12 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Propellerhead Software
[2011/03/11 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/25 13:43:54 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Steinberg
[2013/05/03 08:55:15 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Systweak
[2013/02/19 00:24:01 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\uTorrent
[2011/03/11 17:49:06 | 000,000,000 | ---D | M] -- C:\Users\Duke\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1273 bytes -> C:\Users\Duke\AppData\Local\JfuYBagTliGE7:c4WGlfGUZRQ56Z8caobnX3
@Alternate Data Stream - 1091 bytes -> C:\Users\Duke\AppData\Local\Temp:bdBwc1tcc1gQDNLolOtkBl7

< End of report >

#4
Duke_haphazard

    New Member

  • Topic Starter
  • Member
  • 5 posts
And here is the Extras.txt

OTL Extras logfile created on: 11/05/2013 18:49:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Duke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.55 Gb Available in Paging File | 81.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115.03 Gb Total Space | 37.14 Gb Free Space | 32.29% Space Free | Partition Type: NTFS
Drive D: | 115.03 Gb Total Space | 52.37 Gb Free Space | 45.53% Space Free | Partition Type: NTFS
Drive E: | 117.86 Gb Total Space | 49.22 Gb Free Space | 41.77% Space Free | Partition Type: NTFS

Computer Name: HAL | User Name: Duke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B5F5B97-4AEE-4DBE-AA52-1BCFFB0421CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FA672F4-EF0D-4E08-A020-0EC0E377EC8A}" = rport=137 | protocol=17 | dir=out | app=system |
"{202824C6-FDF7-4D5B-8C22-DEF4E0DECAF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D351885-C5DD-477F-93F1-F99302DF25F2}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{417423D9-4102-4DDF-9767-796EB8562823}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{45080581-44DA-40E7-8BC3-036C6F705CFB}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F5E2685-46A6-4D8C-A2BA-A21BDF4D1129}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B4EE8D3-424A-4DB2-84DD-A610EC285AC2}" = rport=138 | protocol=17 | dir=out | app=system |
"{91E13EA4-EB13-4109-A573-FADA1F66EC0C}" = lport=138 | protocol=17 | dir=in | app=system |
"{AA005FC4-18CC-4EAE-8FAC-F177EB2C08E1}" = rport=445 | protocol=6 | dir=out | app=system |
"{C0DDE76D-1678-4686-B47F-5FC77E0E0A43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5F095FF-08C6-4A93-B271-270BF56BA95C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6EA7B9A-4B56-4493-BD2E-78021521D031}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8D4C48A-98A0-4E01-8CA9-1DA545E72280}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA802E1F-CB17-44FD-A250-4B0BAAF40028}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3858065-D067-4D24-A8D4-BD0E97050E2D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F93B1D5C-E4AE-403D-80CB-B0067445B60F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029E3B2A-8926-479C-9649-350208C22C02}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{03009814-26F7-4A04-97E2-2C0A6C60AB63}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0371F1E4-AA6E-4F23-932B-5841536FF64B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{05C669D8-7F19-41E3-ABD4-E30BEC8337AD}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{08486002-5CA0-4D6E-8EAC-6E52CA3DBFCE}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"{085FCD4E-9DDF-4765-A6F5-65CFF045AA4A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe |
"{096E98CB-4A04-4152-A92B-D678956ACDB8}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\myst masterpiece\myst.exe |
"{1DC335AE-D058-4DDF-85B9-50A757172C3F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{20793F7A-2542-409B-AA00-813C55383F4A}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"{24026135-7D8A-4364-B1EA-631205A53FBA}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\planetside 2\launchpad.exe |
"{256CD805-4C0A-4585-BAB9-3D114933BDAD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{279EBEA0-5A6E-4DDA-9F99-A88536502CAC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{281F4F71-DB41-46D2-A58C-DB7041543F83}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2AC5B2DE-E871-49D1-A4F2-5F9268FC25BD}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{2CCA763F-8391-435F-AC8E-1242DA1E4C0D}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\metro 2033\metro2033.exe |
"{2D00426A-3590-4D2A-989D-C64ACF90E1CB}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{33B483ED-346D-42D1-8C2F-888AF02B9244}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{34650AE3-614B-467E-AB37-BEC8D4787E53}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{34E65D8B-D059-4873-B8BD-953BBAFF2B0A}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\myst masterpiece\myst.exe |
"{3583F8D7-D7C2-409E-958E-ADF2F735F57D}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
"{39CBAA82-E722-42AC-BD48-50935F3230DD}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{3B09493D-C759-4760-B2E7-9442B87DC9AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B32756C-B9BC-48DF-A01D-D4178E185DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3D853952-37D4-4B15-863B-13DAB2A4D3CE}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
"{44B63976-4675-4C35-8531-F8CE5173A724}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{52886EFC-ED3D-4514-B65D-77FE9E5CB271}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{531F1D80-D67C-4399-BBF2-9D40565C8261}" = protocol=17 | dir=in | app=e:\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{560A6C4D-5AD4-4A86-A59E-989CC56D88C2}" = protocol=58 | dir=in | [email protected],-28545 |
"{56FF00FA-8493-41D9-BBD9-870F847F17E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{576FF80A-FECD-4150-ADDB-F56CC3BB2F8C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{5A5A0437-CF7E-4E87-B628-632F1DE41944}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\star wars jedi knight\jk.exe |
"{60F882B3-3848-4669-92F5-AB3D1BA34778}" = protocol=1 | dir=out | [email protected],-28544 |
"{61CC9EA8-5954-4D6D-B466-14BBA23346CA}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\planetside 2\launchpad.exe |
"{660F3DFB-6481-4BAB-9936-7DC0249C0673}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"{66860EC3-7BD8-4172-AB5E-A2C8DEED8416}" = protocol=6 | dir=in | app=e:\program files\utorrent.exe |
"{6AFBBF87-6CB5-4DB0-B527-A9D2F74CBAA1}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{6B67AB0A-04D8-4508-8BD8-B13C6B789806}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6C8C93E5-7A22-4BB7-8008-2F489707D30E}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{6CE7DE51-9C9C-4D44-9CDD-D2442749BD81}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |
"{71ACCB39-3543-4A49-9A58-07FA0648C257}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\star wars jedi knight\jk.exe |
"{724E3F47-A0FB-454D-A23A-24A3119ECB4A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{733E93A6-CFD0-4DC6-878C-33DADF62DD24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{751B1170-9A34-4E33-9D0D-A88F008F92A4}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{76463771-89CB-45D7-8500-C5A0A47366B5}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{77A5354F-141A-4D08-8AAB-8133A7B547CC}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{7850019C-6431-4F44-A38B-2E06F6098C07}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
"{79629315-F65F-4963-9F4E-AE5D9E9F654E}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\dirt\dirt.exe |
"{7CEBF586-4EF8-40FE-A0DA-F8CE51AB41A7}" = protocol=58 | dir=out | [email protected],-28546 |
"{80780029-4528-4371-B874-4A7396B3CD73}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jedi knight mysteries of the sith\jkm.exe |
"{83B4CB27-7E79-4BED-8E9B-D270071E1859}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\dirt\dirt.exe |
"{845EC7F6-91A8-46A6-93F1-2E715497CE56}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
"{84946940-2A11-43D7-A013-FDA99ACACAB7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8576529D-E98F-4772-939B-573BC88C2F3D}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{88BEEBF8-F8A0-4005-9D79-43870B87EC1B}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\dark forces\dosbox\dosbox.exe |
"{8AF97EAA-0EE8-4817-A3E7-967487A4A66B}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\exile252\counter-strike source\hl2.exe |
"{8C7CADDF-B0E9-46AE-84AF-57A1B21FB50A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
"{8CDE9B6F-3127-4AFB-8A6E-44485F871F2F}" = protocol=6 | dir=in | app=e:\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{8ECAEC6E-33D9-4A49-8E99-B02683FBBDB9}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
"{8F9AA17B-0057-4B2E-B2F4-B9D22B6C8855}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{8FA6EFE0-56A9-4B05-92A4-E5B51F8A4F17}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{914D4EBC-707F-4E9C-A330-B3B8CA172A6B}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{93E55697-7CC0-4C09-8D4F-A1B9F2AE55E2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{93E9D4EC-E474-4BFE-B310-89327611DD3C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
"{944EAA43-A97C-4B30-B9D6-25C926D53E5E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{98221E93-C8B7-44D9-A14B-BB1668A1DB4A}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |
"{9F674364-5BD6-4AAC-9981-CF2342BE4BE1}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{A4E5EAF8-5190-4FE6-A235-B335579E0115}" = protocol=1 | dir=in | [email protected],-28543 |
"{A9200FD9-7DCB-4186-9F43-31B084B50ED0}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{B4BCB6C7-B5BE-49C5-977C-6DE17964516E}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
"{B66A097A-4325-4BB9-855A-FC34FFA91844}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B74C4611-A36D-4DFF-A4D7-8BE5850255D4}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
"{B854C389-872A-4B59-9A9A-1A08C8B33ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C3C0F68F-7237-420D-A6D4-E609B9014ADD}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{C3E315EF-1BAE-4DE3-93A8-7495953568CB}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\exile252\counter-strike source\hl2.exe |
"{C5E93F6A-8B0E-4A39-81D6-10A6EFF26EF2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C724B765-0744-40D4-A49B-66C333493288}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{C9B07568-6B78-498A-8DF2-CEDDE88B479C}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |
"{CAE435BA-90F9-407B-8AE6-20F124A48CCC}" = protocol=6 | dir=in | app=c:\users\duke\appdata\roaming\dropbox\bin\dropbox.exe |
"{CB8124CB-6BFD-46D8-9459-532F98928BA1}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
"{CFD68507-E8F1-4D52-9634-4A3FFC5E37AD}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |
"{D020B18B-658E-4BDD-A094-F13671BDB08C}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{D667DEC1-F8E9-4889-8370-2B7FFCB28869}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\metro 2033\metro2033.exe |
"{D7F67733-C391-4DBA-96FA-A91538158387}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\dark forces\dosbox\dosbox.exe |
"{D8F3B2CF-D833-4D73-AA58-73E89BF492C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D914FBC6-40AF-4CC2-B136-003349815CCA}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
"{DDF9166B-0A7D-4F9F-B03B-926C83D47D35}" = protocol=17 | dir=in | app=e:\program files\utorrent.exe |
"{DE464C5F-E36A-4108-B8D3-A161EBFA2A5E}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{E3D78282-ACFB-4FD3-8799-14E85ADEC30E}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{E4670A47-4759-48AA-A73F-FAC30D3FDCC2}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{E6F4F6C7-C33D-48AD-8181-B92C4BD60567}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{EB3AB749-4076-4093-B6B4-46FF493474C5}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |
"{ED2DEF1A-3681-4A89-9ABA-3E933B43143C}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F179498B-763D-431B-A5A2-06AEE850782D}" = protocol=17 | dir=in | app=c:\users\duke\appdata\roaming\dropbox\bin\dropbox.exe |
"{FC2F3821-C63A-4BCB-84A1-19248094FE65}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{FD2D7F7F-87B7-43AB-BD44-69FD40BE3F52}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"TCP Query User{058DDB31-9899-436B-9ED0-6BBD7BF0E253}E:\program files\udk\binaries\swarmagent.exe" = protocol=6 | dir=in | app=e:\program files\udk\binaries\swarmagent.exe |
"TCP Query User{0DFB22D4-E8DA-49D7-9760-E975178D8BFA}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{1089A54F-AA85-42DB-A116-AC2F6B198863}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{10DAC8E3-4DBB-4C16-B609-D34BB08AEB8E}D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"TCP Query User{2391AA0A-21CE-4485-8BA1-BBD370774729}E:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{28998A89-F000-466D-81AE-7EBEAACB5210}E:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{3837ACF1-D418-4C7B-8377-E3608A797FCB}E:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"TCP Query User{3F8CE726-640D-49BA-A205-4FC20709855E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5BA268C3-E5F1-4E5B-9295-DC35702482A6}E:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{5CFEECC1-C123-464B-8BA0-129EABFC73AB}D:\program files\midway\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\program files\midway\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{643E7C94-1592-490B-A26B-729489D2ADF4}E:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"TCP Query User{6CF58741-B0FF-4D8E-B5D3-2623BBCF9566}E:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{6F2EF35E-1578-43A9-88C5-BC958B153B4A}E:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{73788743-D013-4C71-8DAF-0CF22D8EA886}E:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{7B610238-9B73-41DE-90C2-818287B63E8F}D:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"TCP Query User{88461F93-98A2-403F-8D98-ECE825672C59}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{95955748-F833-463B-8CBB-2BE3AA60BE70}D:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{9B53EB21-C1B2-47F8-B7C5-305B6982F2A8}D:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{AB2C4D5C-D319-4806-9391-72FCD47984BE}D:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"TCP Query User{BE21B7BD-C5E7-4024-BCD2-1A296AF80345}C:\users\duke\downloads\diablo-iii-setup-engb.exe" = protocol=6 | dir=in | app=c:\users\duke\downloads\diablo-iii-setup-engb.exe |
"TCP Query User{C29E0BC1-99BB-4AD7-B826-5D177C478408}E:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{CBA187B5-9F78-4330-8B1E-968E84E00036}E:\program files\udk\binaries\win32\udk.exe" = protocol=6 | dir=in | app=e:\program files\udk\binaries\win32\udk.exe |
"TCP Query User{D5D8FE21-7475-477B-B0B5-83DB89AE086B}E:\program files\udk\binaries\win64\udk.exe" = protocol=6 | dir=in | app=e:\program files\udk\binaries\win64\udk.exe |
"TCP Query User{DB7661BA-CE2B-4E87-B5A6-85DD9D0BF4B9}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{178CB176-E773-4338-A8C9-CDB70326DDBA}C:\users\duke\downloads\diablo-iii-setup-engb.exe" = protocol=17 | dir=in | app=c:\users\duke\downloads\diablo-iii-setup-engb.exe |
"UDP Query User{285DDB4F-E19E-4E94-95A1-153B4D25722D}E:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{2B7A85B5-9687-4885-ACA3-F8F8AC8F9BB5}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{2EE80112-D9D9-4B1A-B04D-F26327167C86}D:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\dark souls prepare to die edition\data\data.exe |
"UDP Query User{3144B129-65B7-40DA-8B6E-36E9DF0357FC}E:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{34FA9A53-43F4-49B0-989A-3B36CEE3E6D4}D:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"UDP Query User{3557D5C3-F4B9-4BEC-877F-08C421587023}D:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{52931BD5-5E77-4B07-B281-DD446F39999F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{65DC024F-AD3A-4B2E-B207-73969350DD92}E:\program files\udk\binaries\win32\udk.exe" = protocol=17 | dir=in | app=e:\program files\udk\binaries\win32\udk.exe |
"UDP Query User{66173F9C-6EF4-42E3-BC22-CF9ACDB3A924}E:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"UDP Query User{665FDCC7-C7E9-4938-9086-87BC9A146836}D:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{87F57130-E267-4CD6-AE25-977A6AF779E5}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{A66D41EB-5860-4B87-B040-FF4BA2810072}D:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"UDP Query User{AECBD6B5-8B63-4D85-9C18-3A74D6A26BE7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{B2DFEAB9-F64C-45EF-ADAD-58AED8EE4BD1}E:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{B79052B2-524F-4A25-8BF8-F8B3E670CB75}E:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{BBDCFBA1-80BD-4684-85C8-6845C2BE75D8}E:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{C38CEE3E-B502-4BF4-BC33-FFE35DB280A9}E:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{C44F1D73-06D9-43D4-B43F-9E7A962E0960}E:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{C533BB31-4BFC-4185-9D95-7876E310FA84}E:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
"UDP Query User{CB03BD33-646C-4241-8DB4-6F0D621C7AA7}E:\program files\udk\binaries\win64\udk.exe" = protocol=17 | dir=in | app=e:\program files\udk\binaries\win64\udk.exe |
"UDP Query User{DB0D33EE-9BCA-40D7-B032-CF564FD2D3F2}D:\program files\midway\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\program files\midway\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{DCA256E5-8817-41CF-9E46-E3BCB638EFB1}E:\program files\udk\binaries\swarmagent.exe" = protocol=17 | dir=in | app=e:\program files\udk\binaries\swarmagent.exe |
"UDP Query User{EB1FABB6-CB88-4953-BCF9-CC76ADD52A5C}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3CF97AC1-219E-44DA-B3DE-32FCAD606231}" = HP Officejet 4620 series Product Improvement Study
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}" = HP Officejet 4620 series Basic Device Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BA357941-25A7-410C-A47E-9AAF7DE1248B}" = Trapcode Suite 64-bit
"{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}" = Smart Technology Programming Software 7.0.27.13
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"Digieffects Delirium_is1" = Digieffects Delirium 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"UDK-fea6e172-decf-4c3b-8e8c-fc7e2b0df7c8" = Unreal Development Kit: 2012-07
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D30434C-07D5-4DE7-BD2D-29B2CC1AB68E}_is1" = Delirium version 2.5
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{483A865C-A74A-12BF-1276-D0111A488F50}" = Adobe® Content Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5694CB44-061E-40FC-A712-FF27DE7DFC8B}" = DayZ Commander
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{606C37AB-EB04-4270-A592-201A03C2DB36}" = HP Officejet 4620 series Help
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB509245-1245-4867-8BD4-6B2C5A734504}" = Windows Installer XML Toolset 3.5
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{BA357941-25A7-410C-A47E-9AAF7DE1248B}" = Trapcode Suite 64-bit
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Reason5_is1" = Reason 5.0
"Steam App 11440" = DiRT
"Steam App 13260" = Unreal Development Kit
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 218230" = PlanetSide 2
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 32390" = Star Wars - Jedi Knight: Mysteries of the Sith
"Steam App 32400" = Star Wars: Dark Forces
"Steam App 43110" = Metro 2033
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 63660" = Myst: Masterpiece Edition
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Twixtor 5, After Effects-compatible plugin set" = Twixtor 5, After Effects-compatible plugin set
"UltraISO_is1" = UltraISO Premium V9.52
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/04/2013 17:02:15 | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/04/2013 08:36:55 | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/04/2013 18:12:01 | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/04/2013 09:42:42 | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/05/2013 15:33:01 | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/05/2013 17:15:40 | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.7.7.0, time stamp:
0x4feb471e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x77850bd2 Faulting process id: 0xec4 Faulting application
start time: 0x01ce47774c64d740 Faulting application path: D:\Program Files\The Elder
Scrolls V Skyrim\TESV.exe Faulting module path: unknown Report Id: 70742702-b36d-11e2-aa01-0030840fc740

Error - 03/05/2013 03:49:50 | Computer Name = HAL | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 20.0.1.4847 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5dc Start
Time: 01ce47d2634ec434 Termination Time: 31 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 06dbd469-b3c6-11e2-ae7d-0030840fc740

Error - 08/05/2013 14:56:04 | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09/05/2013 16:40:59 | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time
stamp: 0x51650aee Faulting module name: xul.dll, version: 20.0.1.4847, time stamp:
0x51650a09 Exception code: 0xc0000005 Fault offset: 0x000b10e8 Faulting process id:
0x4b4 Faulting application start time: 0x01ce4cf083d24e09 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: c0d280a5-b8e8-11e2-bdba-0030840fc740

Error - 11/05/2013 10:42:13 | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Autodesk\Composite
2012\python\lib\distutils\command\wininst-8_d.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 27/04/2013 14:08:33 | Computer Name = HAL | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 27/04/2013 14:09:24 | Computer Name = HAL | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 27/04/2013 14:17:04 | Computer Name = HAL | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 27/04/2013 14:22:26 | Computer Name = HAL | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 30/04/2013 17:27:35 | Computer Name = HAL | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 30/04/2013 17:29:03 | Computer Name = HAL | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 09/05/2013 15:29:17 | Computer Name = HAL | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:00:12 on ?09/?05/?2013 was unexpected.

Error - 11/05/2013 05:13:51 | Computer Name = HAL | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 11/05/2013 05:14:21 | Computer Name = HAL | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 11/05/2013 05:14:40 | Computer Name = HAL | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.


< End of report >
  • 0

#5
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

Please, follow these steps:

Step 1. Changing Chrome homepage.

Your current Chrome homepage is malicious.

Please follow this instruction and set your homepage to www.google.com or to anything else you want.

Step 2. Uninstall Chrome extensions.

  • Launch your Google Chrome browser.
  • In the address bar type the following:

    chrome:extensions
  • The extension list will appear.
  • Find the conatiinuaeotaoassaVe and SearchNewTab extensions there.
  • Click on the recycle bin icon near them (uninstall them).
  • Restart your browser.

Step 3. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 4. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...825&lg=EN&cc=GB
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...825&lg=EN&cc=GB
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...825&lg=EN&cc=GB
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?pid=658&src=ff2&r=2013/05/03&hid=4225312825&lg=EN&cc=GB&l=1&q="
    FF - prefs.js..browser.search.order.1: "EasyLife"
    FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
    FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
    FF - prefs.js..keyword.URL: "http://search.easylifeapp.com/?pid=658&src=ff2&r=2013/05/03&hid=4225312825&lg=EN&cc=GB&l=1&q="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "google"
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://search.easylifeapp.com/?pid=658&src=ff1&r=2013/05/03&hid=4225312825&lg=EN&cc=GB"
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.easylifeapp.com/?pid=658&src=ff2&r=2013/05/03&hid=4225312825&lg=EN&cc=GB&l=1&q="
    [2013/02/10 14:37:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    [2013/05/03 08:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
    [2013/05/03 08:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
    [2013/05/03 08:45:42 | 000,000,000 | ---D | C] -- C:\Users\Duke\AppData\Roaming\Systweak
    [2013/05/03 08:45:40 | 000,020,488 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
    [2013/05/03 08:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\conatiinuaeotaoassaVe
    [2013/05/03 08:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    @Alternate Data Stream - 1273 bytes -> C:\Users\Duke\AppData\Local\JfuYBagTliGE7:c4WGlfGUZRQ56Z8caobnX3
    @Alternate Data Stream - 1091 bytes -> C:\Users\Duke\AppData\Local\Temp:bdBwc1tcc1gQDNLolOtkBl7
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post in your next message:

  • AdwCleaner's log
  • OTL log

  • 0
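The Firefox entries in the OTL fix above are all `prefs.js` preferences, so the same check can be repeated by hand after cleanup. The following is an added example, not part of the original posts and not code from OTL or AdwCleaner: a small auditor that parses `user_pref(...)` lines and flags the preference prefixes, domains and engine name that appear in this thread's logs. The function names and the sample profile text are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Indicators taken from the logs posted in this thread.
SUSPECT_PREFIXES = ("sweetim.", "CT3072253.", "CommunityToolbar.")
SUSPECT_DOMAINS = ("easylifeapp.com", "conduit.com",
                   "conduit-services.com", "conduit-hosting.com")
SUSPECT_ENGINES = {"easylife"}
# Preferences that decide where searches and the start page go.
SEARCH_PREFS = {
    "browser.startup.homepage", "keyword.URL", "browser.search.defaulturl",
    "browser.search.selectedEngine", "browser.search.order.1",
    "browser.search.defaultenginename",
}

# One preference per line: user_pref("name", <JS literal>);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Constructed sample, not the poster's real prefs.js.
SAMPLE = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.easylifeapp.com/?pid=0&src=ff1");
user_pref("keyword.URL", "http://search.easylifeapp.com/?pid=0&q=");
user_pref("browser.search.selectedEngine", "EasyLife");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
user_pref("CT3072253.FirstTime", true);
user_pref("browser.download.dir", "C:\\Users\\Example\\Downloads");
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1368346303);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.group(1), m.group(2).strip()
        try:
            # Strings, true/false and integers are valid JSON literals.
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep the raw text rather than dropping the entry
        prefs[name] = value
    return prefs


def host_is_suspect(url):
    """True if the URL's host is a listed domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def audit(prefs):
    """Return a sorted list of (pref name, reason) for entries worth reviewing."""
    findings = []
    for name, value in sorted(prefs.items()):
        if name.startswith(SUSPECT_PREFIXES):
            findings.append((name, "leftover toolbar preference"))
        elif name in SEARCH_PREFS and isinstance(value, str):
            # The homepage preference may hold several URLs separated by '|'.
            if any(host_is_suspect(part) for part in value.split("|")):
                findings.append((name, "points at a hijacker domain"))
            elif value.strip().lower() in SUSPECT_ENGINES:
                findings.append((name, "hijacker search engine selected"))
    return findings


if __name__ == "__main__":
    for pref, reason in audit(parse_prefs(SAMPLE)):
        print(f"{pref}: {reason}")
```

Run it against a copy of `prefs.js` taken while Firefox is closed, since the browser rewrites the file on exit.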

#6
Duke_haphazard

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Finished all the scans now. What's really weird is I didn't even have Chrome installed. I use Firefox as my browser. I installed Chrome ages ago but didn't like it, so I uninstalled it. Though it must have kept some reg files or something deep within my PC.

Here is the log from AdwCleaner. It says at the bottom all the SweetIM stuff has been deleted, so I guess that's a good sign.

# AdwCleaner v2.300 - Logfile created 05/12/2013 at 10:30:01
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Duke - HAL
# Boot Mode : Normal
# Running from : C:\Users\Duke\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\conatiinuaeotaoassaVe
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\Users\Duke\AppData\Local\Conduit
Folder Deleted : C:\Users\Duke\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Duke\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Duke\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Duke\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\ConduitCommon
Folder Deleted : C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\CT3072253
Folder Deleted : C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{383F7C5B-870A-4C7B-82E2-867809BCBC27}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78ACD12A-C543-4559-AA67-AB6AF51237ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=658&src=ie1&r=2013/05/03&hid=4225312825&lg=EN&cc=GB --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\prefs.js

C:\Users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\usp0sdvi.default\user.js ... Deleted !

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129572937280362976", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "12-5-2013");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Thu May 09 2013 21:05:16 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.EnableClickToSearchBox", false);
Deleted : user_pref("CT3072253.EnableSearchHistory", false);
Deleted : user_pref("CT3072253.EnableSearchSuggest", false);
Deleted : user_pref("CT3072253.FirstServerDate", "26-2-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstalledDate", "Sat Feb 25 2012 21:20:59 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Sun May 12 2013 10:24:02 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.7", "Wed Apr 25 2012 11:51:32 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Sat Jun 02 2012 22:03:15 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Tue Jul 17 2012 18:00:04 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Tue Aug 28 2012 20:22:09 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Mon Nov 19 2012 22:01:25 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT3072253.LastLogin_3.16.0.3", "Sun Feb 10 2013 13:34:22 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT3072253.LastLogin_3.18.0.7", "Sun May 12 2013 10:24:02 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT3072253.LastLogin_3.9.0.3", "Sat Feb 25 2012 21:21:00 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT3072253.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipShow", false);
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3072253.RadioShrinked", "shrinked");
Deleted : user_pref("CT3072253.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT3072253.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sun May 12 2013 10:23:59 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Sun May 12 2013 10:24:02 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Sun May 12 2013 10:23:58 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1368346303");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sat Feb 25 2012 21:20:58 GMT+0000 (GMT Standar[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN99035658653630322");
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.approveUntrustedApps", false);
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.components.129572937280362976", false);
Deleted : user_pref("CT3072253.components.129572937422272723", false);
Deleted : user_pref("CT3072253.components.129573915102477663", false);
Deleted : user_pref("CT3072253.components.129593762370823811", false);
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sat Feb 25 2012 21:21:00 GMT+0000 (GMT Stan[...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.isFirstRadioInstallation", false);
Deleted : user_pref("CT3072253.isSearchProtectorNotifyChanges", false);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sun May 12 2013 10:24:02 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Sat Feb 25 2012 21:21:00 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT3072253.usageEnabled", false);
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"51f[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Duke\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "43092f50-35cf-4afa-aa33-b02b69f31368");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Feb 25 2012 21:21:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Feb 25 2012 22:21:08 GMT+000[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Feb 25 2012 21:20:59 GMT+0000 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "8f19d4e1-6945-4096-b419-1649895043b6");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=658&src=ff2&r=2013/05/03&[...]
Deleted : user_pref("browser.search.order.1", "EasyLife");
Deleted : user_pref("browser.search.order.1,S", "EasyLife");
Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife");
Deleted : user_pref("extensions.50814bb45588f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.51836b24e3436.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=658&src=ff2&r=2013/05/03&hid=4225312825[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "google");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=6[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=658&src=ff2&r=[...]
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Duke\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.669] : urls_to_restore_on_startup = [ "hxxp://search.easylifeapp.com/?pid=658&src=ch1&r=2013/05/03&h[...]

*************************

AdwCleaner[S1].txt - [27895 octets] - [12/05/2013 10:30:01]

########## EOF - C:\AdwCleaner[S1].txt - [27956 octets] ##########


For some reason, after the restart, OTL hasn't opened a .txt with its info on.

Edited by Duke_haphazard, 12 May 2013 - 03:47 AM.


#7
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
How is your computer running now?

Can you please make a fresh AdwCleaner log (click the Scan button instead of Delete) and an OTL log?

#8
Duke_haphazard


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
It seems to have totally cleared up, I'm not having any more problems with it. My homepages are behaving themselves and I'm not getting the annoying popups anymore :)

I think you guys have done the trick!

Thanks so much!

#9
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hey, what about the logs in this message?

Edited by Phel, 12 May 2013 - 01:22 PM.






