My wife is a couponer, so I can only assume she got this infection through some coupon site.
Here is my result:
OTL logfile created on: 12/19/2013 5:51:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Parent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 66.15% Memory free
3.35 Gb Paging File | 2.77 Gb Available in Paging File | 82.75% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 113.10 Gb Free Space | 75.88% Space Free | Partition Type: NTFS
Drive D: | 53.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.73 Gb Total Space | 1.91 Gb Free Space | 51.19% Space Free | Partition Type: FAT32
Drive F: | 14.40 Gb Total Space | 3.19 Gb Free Space | 22.17% Space Free | Partition Type: FAT32
Computer Name: K12-2DDEF1F8D6B | User Name: Parent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/03 01:26:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/02 14:22:24 | 002,562,368 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
PRC - [2013/12/01 17:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
PRC - [2013/11/29 14:59:02 | 000,770,368 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
PRC - [2013/11/28 17:56:40 | 000,646,976 | ---- | M] (IOBit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
PRC - [2013/11/15 11:25:24 | 000,886,592 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/22 00:31:26 | 000,313,208 | ---- | M] (Updater) -- C:\Documents and Settings\All Users\Application Data\Updater\updater.exe
PRC - [2013/10/22 00:31:26 | 000,251,768 | ---- | M] (WatchDog) -- C:\Documents and Settings\All Users\Application Data\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/10/22 00:31:26 | 000,251,768 | ---- | M] (WatchDog) -- C:\Documents and Settings\All Users\Application Data\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/10/22 00:31:26 | 000,251,768 | ---- | M] (WatchDog) -- C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/03/26 12:12:56 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files\ATT\8.2.1.6\ma\bin\node.exe
PRC - [2013/03/26 12:12:56 | 000,319,488 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT\8.2.1.6\ma\bin\MAHostService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2002/12/31 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/12/31 07:00:00 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/01 11:22:51 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/12/01 11:14:43 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013/12/01 11:14:35 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/12/01 11:14:32 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/12/01 10:23:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/12/01 09:48:32 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/12/01 09:48:31 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/12/01 09:48:30 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/12/01 09:48:21 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/12/01 09:48:21 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/12/01 09:48:19 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/12/01 09:48:18 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/12/01 09:48:17 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/12/01 09:48:14 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/12/01 09:48:11 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/12/01 09:41:27 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/12/01 09:41:20 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/12/01 09:40:49 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/12/01 09:40:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/12/01 09:39:33 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/12/01 09:39:25 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/12/01 09:39:09 | 006,817,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/12/01 09:39:00 | 007,070,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/12/01 09:38:51 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/12/01 09:38:43 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/11/14 16:02:32 | 000,218,944 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\webres.dll
MOD - [2013/01/15 18:47:50 | 000,517,440 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
MOD - [2012/10/18 16:31:16 | 000,240,640 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
MOD - [2012/10/18 16:31:04 | 000,246,784 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
MOD - [2012/10/18 16:30:52 | 000,233,984 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
MOD - [2012/07/12 18:37:54 | 001,380,864 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\libxmljs\build\Release\libxmljs.node
MOD - [2012/06/26 15:40:04 | 000,068,096 | ---- | M] () -- C:\Program Files\ATT\8.2.1.6\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
MOD - [2012/01/03 20:13:07 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2012/01/03 20:13:07 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2012/01/03 20:13:05 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2012/01/03 20:13:05 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2012/01/03 20:13:05 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2012/01/03 20:13:04 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2012/01/03 20:13:04 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2012/01/03 20:13:04 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2012/01/03 20:13:04 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2012/01/03 19:41:33 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/01/03 19:41:32 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2012/01/03 19:41:32 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2012/01/03 19:41:32 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2012/01/03 19:41:28 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2012/01/03 19:41:28 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2012/01/03 19:41:28 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2012/01/03 19:41:28 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2012/01/03 19:41:28 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2012/01/03 19:41:28 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2012/01/03 19:41:27 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2012/01/03 19:41:27 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2012/01/03 19:41:27 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/01/04 14:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/03/10 13:50:38 | 000,204,800 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2009/08/13 17:48:20 | 000,488,448 | ---- | M] () -- C:\WINDOWS\system32\apdfprintmon.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/12/11 03:20:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/02 10:58:48 | 002,151,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/28 17:56:40 | 000,646,976 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2013/11/27 00:48:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/15 11:25:24 | 000,886,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/03/26 12:12:56 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\ATT\8.2.1.6\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/04 13:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 15:08:36 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 12:23:26 | 000,495,700 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2002/12/31 07:00:00 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/16 00:58:26 | 007,412,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/09/30 19:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010/06/18 14:10:15 | 000,184,888 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
DRV - [2010/04/09 19:26:12 | 005,913,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/02/09 07:56:14 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/02/02 15:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 15:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/01/30 16:13:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/09/25 17:07:00 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007/04/16 18:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2002/12/31 07:00:00 | 001,161,696 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/12/31 07:00:00 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {134AA755-3ED5-48D9-AE38-8DF0955C066D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...CF29901B4&SSPV=
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 4E 69 67 43 65 CD 01 [binary data]
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{0A75FE62-541A-4C74-ADA5-5D4D95ED210F}: "URL" = http://websearch.ask...31-2D935EAC9FD6
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{134AA755-3ED5-48D9-AE38-8DF0955C066D}: "URL" = http://search.condui...2571500731&UM=2
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-14 16:59:14&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..\SearchScopes\{F613CE83-CCF1-4DE9-8143-A3B5E08097A8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - prefs.js..CT3315827.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "InternetHelper3.6 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=677874"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...F29901B4&SSPV="
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.4723772
FF - prefs.js..extensions.enabledAddons: %7B94625830-343a-4df0-88c1-444d195064d0%7D:10.22.5.510
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130813024103
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://search.condui...091223&UM=2&q="
FF - user.js..extensions.enabledAddons: [email protected]:1.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\ATT\8.2.1.6\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Parent\Local Settings\Application Data\RobloxVersions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Parent\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/02 18:50:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 10:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/01 14:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/01 14:20:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Social Privacy\FF\
[2010/08/24 15:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Extensions
[2013/12/19 15:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions
[2012/01/18 20:57:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/06 22:37:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/01 09:16:48 | 000,000,000 | ---D | M] (InternetHelper3.6) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\{94625830-343a-4df0-88c1-444d195064d0}
[2013/12/19 15:52:31 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\[email protected]
[2013/12/01 13:53:27 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\[email protected]
[2012/06/28 21:24:19 | 000,550,833 | ---- | M] () (No name found) -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\extensions\[email protected]
[2013/12/10 07:54:40 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\conduit-search.xml
[2013/12/10 07:54:08 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Mozilla\Firefox\Profiles\h38w5cc6.default\searchplugins\internethelper36-customized-web-search.xml
[2013/11/27 00:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/27 00:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/27 00:48:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/02 18:50:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
[2010/11/04 12:00:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/11/04 12:00:29 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2012/10/12 18:35:10 | 000,092,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/04/11 10:40:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/12 18:35:11 | 000,092,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/31 10:25:44 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/14 15:59:11 | 000,003,675 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: InternetHelper3.6 = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\
CHR - Extension: InternetHelper3.6 = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: Motive Extension = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: Tube Dimmer = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.47_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Parent\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\
O1 HOSTS File: ([2013/12/01 19:01:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files\Social Privacy\sp.dll ()
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003..\Run: [Advanced SystemCare Ultimate] C:\Program Files\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..Trusted Domains: arise.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-97400744-3973020173-3376078148-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E163503C-6C22-4EAF-A1D4-E1F3DB8F4710}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA463FA6-3D52-49ED-9079-4D4BCEF53F9B}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\K12Wallpaper4.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\K12Wallpaper4.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/18 17:45:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 19:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 03:27:40 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (RegistryDefragBootTime.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/19 17:51:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
[2013/12/19 17:10:55 | 000,024,384 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/12/19 15:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2013/12/19 15:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2013/12/19 15:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2013/12/19 15:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2013/12/19 15:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/12/19 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\IObit
[2013/12/19 15:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare Ultimate 7
[2013/12/19 15:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/12/16 16:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
[2013/12/13 16:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\Windows Search
[2013/12/09 15:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\visi_coupon
[2013/12/06 22:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/12/06 22:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\Yahoo!
[2013/12/06 22:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2013/12/06 22:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/12/06 22:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/12/03 19:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
[2013/12/02 13:27:10 | 000,252,288 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2013/12/01 19:16:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/01 18:12:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/12/01 18:09:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/01 14:43:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Parent\Recent
[2013/12/01 14:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Desktop\How to remove the Conduit Search virus - Search.conduit.com redirect removal Malware Removal - Software & Tutorials_files
[2013/12/01 10:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TubeDimmer
[2013/12/01 09:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\ApplicationHistory
[2013/12/01 09:28:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/12/01 09:28:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/12/01 09:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\Windows Desktop Search
[2013/12/01 09:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/12/01 09:27:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/12/01 09:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2013/11/30 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/11/30 21:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/11/30 21:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\NativeMessaging
[2013/11/30 21:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\CRE
[2013/11/30 21:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\Conduit
[2013/11/30 21:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/11/30 20:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\ElevatedDiagnostics
[2013/11/30 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/11/30 20:41:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/11/29 10:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Desktop\Walmart.com_files
[2013/11/28 10:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\BrowserSafeguard
[2013/11/27 00:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/12/19 17:31:52 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/19 17:20:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/19 17:06:27 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare Ultimate 7.lnk
[2013/12/19 17:05:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/19 16:56:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/19 16:55:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/19 16:55:52 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-97400744-3973020173-3376078148-1003.job
[2013/12/19 16:55:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2013/12/19 16:55:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/19 16:55:26 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/19 15:52:27 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
[2013/12/19 12:08:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/18 16:36:55 | 000,001,243 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\ROBLOX Player.lnk
[2013/12/18 16:36:55 | 000,001,084 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\ROBLOX Studio 2013.lnk
[2013/12/18 08:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2013/12/17 22:32:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-97400744-3973020173-3376078148-1003.job
[2013/12/16 12:27:17 | 000,081,363 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\cake.jpg
[2013/12/14 22:39:38 | 000,045,811 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\mike.jpg
[2013/12/11 03:20:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 03:20:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/06 22:36:34 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/06 22:36:34 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2013/12/03 02:03:45 | 000,503,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/03 02:03:45 | 000,087,390 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/02 13:27:12 | 000,252,288 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2013/12/01 19:22:23 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/01 19:01:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/12/01 18:12:50 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2013/12/01 17:54:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
[2013/12/01 14:43:00 | 000,178,957 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\How to remove the Conduit Search virus - Search.conduit.com redirect removal Malware Removal - Software & Tutorials.htm
[2013/12/01 14:28:49 | 000,001,526 | ---- | M] () -- C:\WINDOWS\disney.ini
[2013/12/01 14:28:38 | 000,000,057 | ---- | M] () -- C:\WINDOWS\TLCAPPS.INI
[2013/12/01 09:58:03 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/01 09:27:43 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/11/30 20:49:30 | 000,000,112 | ---- | M] () -- C:\WINDOWS\ka.ini
[2013/11/29 10:18:48 | 000,266,981 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\Walmart.com.htm
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/12/19 15:52:27 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk
[2013/12/19 15:52:24 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2013/12/19 15:52:01 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare Ultimate 7.lnk
[2013/12/16 12:27:01 | 000,081,363 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\cake.jpg
[2013/12/14 22:39:19 | 000,045,811 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\mike.jpg
[2013/12/06 22:36:34 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/12/06 22:36:34 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2013/12/01 19:16:02 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/01 18:12:49 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2013/12/01 18:12:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/01 14:42:55 | 000,178,957 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\How to remove the Conduit Search virus - Search.conduit.com redirect removal Malware Removal - Software & Tutorials.htm
[2013/12/01 09:27:43 | 000,001,849 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/12/01 09:27:43 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/11/29 10:18:45 | 000,266,981 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\Walmart.com.htm
[2013/11/05 14:08:57 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\rbxcsettings.rbx
[2013/03/28 14:31:30 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2013/03/09 00:50:34 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_oldschool_LIVE.dat
[2013/01/25 12:39:34 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2013/01/25 12:36:07 | 000,488,448 | ---- | C] () -- C:\WINDOWS\System32\apdfprintmon.dll
[2012/12/20 19:00:56 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d3d9caps.dat
[2012/12/20 00:55:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/06 19:51:50 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\recently-used.xbel
[2012/07/15 21:18:05 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\dt.dat
[2012/07/08 17:56:40 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/06 18:27:18 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_runescape_LIVE1.dat
[2012/03/25 20:17:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 12:06:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 21:31:20 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2012/02/15 21:31:04 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2012/02/06 00:10:38 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Parent\jagex_cl_runescape_LIVE.dat
[2012/02/06 00:10:38 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Parent\random.dat
[2012/01/04 03:27:37 | 002,405,663 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-97400744-3973020173-3376078148-1003-0.dat
[2012/01/04 03:27:30 | 000,274,230 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/03 19:02:30 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/02 22:19:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
========== ZeroAccess Check ==========
[2012/07/14 02:55:27 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L
[2012/07/15 15:53:16 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\U
[2012/07/14 21:50:37 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L\00000004.@
[2012/07/14 02:52:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L
[2012/07/18 09:07:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\U
[2012/07/14 02:52:06 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Parent\Local Settings\Application Data\{fe65e04e-2037-b6a3-5ac6-72405ab04c23}\L\00000004.@
[2012/01/02 22:17:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2002/12/31 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2002/12/31 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
I am attaching the extras.txt file that also came from running OTL just in case it can be used in some way too.